New reporting requirements under the SRA’s outcomes-focused regulations have put additional pressure on risk teams’ resources but finding the right individuals for the new COLP and COFA roles has been the top priority.
Risk teams have been pulled in many directions in the last few years but top of their agenda throughout 2012 was going through the process to appoint the compliance officer for legal practice (COLP) and the compliance officer for finance and administration (COFA). The new roles were introduced as part of the Solicitors Regulation Authority (SRA)’s push into outcomes-focused regulation (OFR) but for some the process has been painful and protracted, while some firms were still waiting for the individuals they nominated for the COLP role to be approved.
The expectations of the SRA regarding the individuals selected to take on the flagship COLP role in particular are such that firms have almost been looking for a mythical superhero. Roger Butterworth, general counsel (GC) and COLP at Bird & Bird, sums up the scale of the task: ‘The ideal COLP will have an army like Genghis Khan’s, the wisdom of Solomon, the diplomacy of the Queen, the brain of Einstein, the IT skills of Bill Gates, the presentational skills of John Travolta, the time speed of Mo Farah and the time travelling skills of Doctor Who – and as many lives. It will be several years before expectations and perceptions settle down so it is clearer what the role entails.’
Take your pick
Last year our survey asked risk teams who they would nominate as COLP and COFA and this year we wanted to see how the position had altered following the nomination process. The COLP must be a qualified lawyer. 54% of respondents said their head of compliance would take on that role, as opposed to 28% last year. One individual surveyed said that the greatest challenge for the COLP will be to look holistically at risk, while another said that the procedures will take time to become familiar with, which is why the head of risk and compliance would be the logical choice to fulfil the role.
‘In my view, the head of compliance is the right person for the job, assuming (and this is very key) that the head of compliance has sufficient authority within the firm to fulfil the role,’ says Sandra Neilson-Moore, European practice leader for law firms’ professional indemnity at Marsh.
What are the main barriers to implementing a risk management culture at your firm?
| LB100 rank | Selected comments |
|---|---|
| Top 20 | Time. |
| Top 20 | Size and geographic spread of firm. |
| Top 20 | Internationally – local cultural differences. |
| Top 20 | Lack of bespoke risk management software. |
| Top 20 | Emphasis on maximising fees and profitability. |
| 21-50 | Consensus of view. |
| 21-50 | Competition for lawyers’ time over-and-above that needed for client work. |
| 21-50 | Effective methods of keeping all partners and staff aware/trained in all of the risks that affect them. |
| 21-50 | Competing demands. |
| 21-50 | Historical lack of investment and awareness. |
| 51-100 | Individual partner behaviour. |
| 51-100 | Time and resources. |
| 51-100 | Fee-earning pressure. |
| 51-100 | External change awareness. |
| 51-100 | Realisation of impacts. |
| 100+ | Busy practitioners. |
| 100+ | Perceived bureaucratic detail. |
| 100+ | Pressure of client business. |
| 100+ | Knowing where things have gone wrong in the past. |
| 100+ | Cost of training. |
Despite this, some 18% of firms in our survey believe that the COLP role should be the responsibility of the managing partner, the same number as last year. Emma Dowden, director of operations and best practice at Burges Salmon, says that the firm’s managing partner Peter Morris is ‘the most appropriate person to be our COLP’.
‘That’s fantastic from my perspective because to have senior management taking on that role says “this is really important to us”,’ she adds. ‘It makes a real statement within the organisation about the prominence and visibility of the role. I lead an executive team that supports Peter in the role but it’s certainly brought it to the top of the leadership agenda.’
Almost a third of firms surveyed (29%) said that the firm’s existing GC is the preferred choice of COLP, double the 14% last year. Generally the larger and more sophisticated firms have their own GCs and for many it provides the perfect mix of someone who has oversight of risk management at a micro and macro level but also has a voice that is heard throughout the partnership.
Jonathan Westwell, GC and partnership secretary at Baker & McKenzie, suggests that the head of compliance may previously have been viewed as an internal whistle blower, whereas the GC was seen more as an adviser. ‘Being COLP and GC requires you to wear different hats,’ he says, ‘and there is a concern that at times it will be difficult to strike a balance between the competing demands of the roles.’
Olswang’s GC and partnership secretary Simon Callander, who is COLP at the firm and has a relatively small team of people including a head of compliance, says he doesn’t think there is much difference between a GC and head of risk. However, in order to truly succeed, the COLP must be seen as a trusted individual by both the business and the regulator.
‘There should not be any interference by one regulator
into the business of another and
hopefully that will be avoided.’
Sandra Neilson-Moore, Marsh
Ultimately Westwell says who should be nominated as COLP depends on a range of factors, which will vary from firm to firm. ‘The size, structure and complexity of a firm might influence the choice of COLP, but there is no right or wrong answer. It depends on the candidates that are potentially available and willing to accept the role.’
Butterworth agrees: ‘Choosing the COLP depends on the firm and its size – for instance a Magic Circle firm might have 66 people in its risk and compliance team and we have about 15.’ He adds: ‘This role is very process-driven and I get the impression that for a lot of firms it’s taken a while to work it out.’
Opinions over the COFA were predictably less polarised, with 70% nominating the finance director, and 30% choosing those in other roles. This position was largely unchanged from last year, with 73% choosing the financial director and around 20% choosing people in other roles. However, Tony Cherry, who has headed the risk function at DAC Beachcroft for the past five years, says the COFA should not necessarily be an internal finance officer. This is, he says, because the traditional role of the finance director is to achieve goals for the firm, whereas the COFA role entails full regulatory compliance. But this is a minority viewpoint at the moment.
The way the nomination process for COLPs and COFAs was handled by the SRA produced mixed feelings among risk managers. Some individuals had to wait before being officially appointed and some, despite jumping through the requisite hoops, were still waiting for official approval in late January. Some have waited weeks before their start date because of ‘technical issues’. While Callander’s application was also delayed, he praised the SRA for being on top of other administrative issues.
Butterworth says: ‘I think the SRA had a problem with the volume. I think there are 11,000 law firms in England – that is 22,000 nominations – that was quite a lot to get through, even in the five months they allowed themselves.’
‘All the firms I am familiar with at this level have taken great care in the selection of both the COLP and the COFA,’ says Neilson-Moore. ‘I have heard some suggestions however that the SRA has been (in the opinion of some firms) overly cautious in terms of the checks on these individuals. It ruffled some feathers.’
What is the size of your risk team?
Source: Marsh/Legal Business RM Survey
Under the radar
Given the fact risk teams have had to contend with the move to OFR and the new COLP and COFA roles in recent years, it is perhaps no surprise that one of the biggest barriers to implementing a proper risk management culture and structure at firms is the ignorance of partners over the pressures risk teams are facing under the new regime. This is a common bugbear, with one respondent commenting: ‘We ask all our new joiners what OFR means, and the majority do not know.’
Butterworth says that partners tend to be focused on winning work and that risk compliance is taken for granted. ‘However, for larger firms, such as ourselves, with 70% of our partners outside the UK, you cannot really criticise them,’ he adds.
Westwell concedes that partners are still getting to grips with the changes in the regulatory framework and that the new regime will take time to have an impact. For this reason, communicating the changes should be a priority for risk teams.
‘It’s not about a detailed intrusive compliance system, it’s about encouraging people to do the right thing,’ says Callander. He adds that the term ‘compliance’ has become misunderstood and identified with barriers or blocking business, but if properly focused should facilitate stability.
Dowden rejects the suggestion that risk teams suffer because fee-earners are not interested in the new regulatory framework. ‘I think you have to turn that around because it’s the responsibility of the risk team to educate the rest of the firm on what the requirements are. I don’t think it’s good enough to say people are ignorant of the pressures,’ she says.
The size of risk teams also raised some interesting points. Average team size this year was 27 people, slightly down from last year’s average of 32. But the resources committed to various parts of the risk teams are up in certain areas from last year, with conflicts averaging nine people (up from six the year before), compliance nine (up from six) and operational eight (up from six again).
Certainly one aspect that has put demand on firms to potentially increase the size of risk teams is the obligation on firms to record non-material breaches of the SRA Handbook. Butterworth says that under the OFR regime – which obliges COLPs to report all material breaches and record all non-material ones – he is overwhelmed with administrative work. ‘What is unfortunate is that you have to record all incidents, small and minor – which is extremely irritating, because it potentially distracts from the important things. That is the opposite of what OFR should be.’
Dowden says Burges Salmon is considering bringing in an additional member of staff to handle the new regulatory requirements which include non-material breach reporting, as they believe there will be a significant increase in associated admin work. ‘With all the additional regulatory requirements involved there will be additional pressure on risk teams. But taking on extra resources in the current economic environment has to be considered very carefully of course,’ she says.
International rescue
Jurisdictional issues are likely to dominate risk teams’ agendas for the year ahead. The SRA launched a consultation on the future regulation of international practices before opening another consultation in December 2012 covering how it intends to revise the SRA Handbook to take account of overseas and international practice. This consultation was due to end on 14 March, with the SRA hoping to implement changes by the end of the year.
1) Who will have the position of compliance officer for legal practice (COLP) at your firm?
2) Will the designated COLP actually fulfil this role rather than delegating to a non-partner administrator in the risk team?
3) Who will have the position of compliance officer for finance and administration (COFA) in your team?
4) Will the designated COFA actually fulfil this role rather than delegating to a non-partner administrator in the risk team?
Source: Marsh/Legal Business RM Survey
The lack of clarity in the SRA Handbook has emerged as a real problem for risk managers dealing with multiple jurisdictions. One respondent noted that ‘diversity across countries for risk awareness causes big problems’, while another cited ‘cultural differences across jurisdictions’ as a key barrier to risk management.
Callander does not think the SRA is clear about what it is trying to achieve internationally. ‘It’s incredibly arrogant for the SRA to effectively say, “If you open an office in X, we need to regulate that because we need to make sure it’s run properly when there’s a local Bar organisation doing exactly the same job”. I think the solution is simple: the SRA should regulate the provision of English law advice. Beyond that firms should have a general obligation to assess risk from international offices,’ he says.
In its current form, many risk managers believe the SRA is not taking fully into account the different approaches worldwide to the rule of law and what constitutes proper conduct. There are issues over different standards, and this could be better left for individual firms and their international practices to manage themselves.
Neilson-Moore acknowledges that international compliance with the rules of England and Wales is impossible, and instead advocates international compliance with the basic tenets of the ‘principles’ of the SRA Handbook. ‘There should not be any interference by one regulator into the business of another and hopefully that will be avoided,’ she says.
Whatever the outcome of this latest consultation, it is clear that the creation of any overarching principles on international regulation that will place further administrative burden on risk teams will not be widely welcomed. LB
miriam.fahey@legalease.co.uk
Legal Business would like to thank Marsh for its sponsorship of this survey.